DNSO General Assembly
Shanghai Meeting, 29 October 2002

IANA access to TLD zone files

Last update: 2002-10-18

Submit an online comment.


Zone files are the authoritative sources of information in the DNS. A zone file is composed of so-called resource records which can (1) provide authoritative information (e.g., "www.example.com is at"), (2) provide pointers to sources for authoritative information (delegations, e.g., "information about example.com is available from ns1.example.com and from ns2.example.com"), or (3) contain non-authoritative glue records ("by the way, ns1.example.com is at, and ns2 is at") which are used to actually access the listed name servers.

On the TLD and root levels, zone file content is normally limited to name server information (technically called "delegations") and glue records.

Zone files are shared between the redundant servers which provide name service for any given domain. The query by which the transmission of a zone file from a name server is requested is commonly known as "AXFR", after the corresponding DNS query type. (See RFC 1035, section 3.2.3.)

For some time, name servers have made AXFR access available to everyone who'd ask. For the rather common BIND name server, access to zone files can be controlled by using the xfrnets directive introduced in bind-4.9.2 (released in February 1994; source: bind-4.9.5 changelog) or its more fine-grained successors in the more recent bind 8 releases.

Nowadays, it is relatively common that name servers do not make the full zone files they are serving available, except for the use by the domain's secondary servers.

Zone file policy

Access to zone files (by AXFR or other means) has become a policy issue due to its role in the process used by IANA when the name servers authoritative for a ccTLD are updated in the root zone. In ICP-1 and a companion FAQ document , IANA asserts that, as a matter of policy, TLDs have an obligation to make zone files available to IANA for checking, at the point of time of an update of the TLD's delegation.

This is currently disputed by various members of the ccTLD community, who do not make access to their zone files available to IANA.

As a consequence of this dispute, IANA has not yet implemented a number of pending delegation updates.

The panel will consider two questions:

  1. Is there a compelling reason why IANA needs to inspect TLD zone files?
  2. Do ccTLD operators have a compelling reason to deny IANA's request to inspect their zone files?

The Panel

The panel session will be structured into four segments:

  • A brief factual introduction.
  • A presentation from IANA staff on IANA's current policy.
  • A presentation from the ccTLD constituency on ccTLDs' reservations about that policy.
  • Discussion.

The panel will consist of participants from the ccTLD constituency, IANA staff, and the Security Advisory Committee.

Submit an online comment.

Contact: Thomas Roessler <roessler@does-not-exist.org>